Terrorist Financing Around the Globe
Iran Using Financial System to Fund Terror
For those who have been following the issue of terrorism financing for a while, this isn’t huge news: Iran has been illicitly accessing the US (and global) financial system to send money to terrorist proxies. The Financial Crimes Enforcement Network (FinCEN) - America’s financial intelligence unit - last week issued a new advisory to help financial institutions protect the financial system from abuse by terrorists and encourage vigilance when reporting illicit financial activity.
The message from FinCEN is clear: The terrorists are out there, people! And they’re crawling around our banks, moving money, and funding operations around the globe.
This isn’t your normal advisory. With 17 pages and 107 footnotes, this thing is detailed, well cited, and informative. Most people who aren’t illicit finance nerds probably haven’t even heard of the Palestinian Islamic Jihad (PIJ) and have only recently become interested in HAMAS after the brutal terrorist attacks in Israel in October 2023. The advisory details Iran’s sources of revenue and the methods by which Tehran moves money to its proxies.
It provides some background on HAMAS (yes, it’s an acronym for its official name, Harakat al-Muqawama al-Islamiya), PIJ, Hizballah, the Huthis in Yemen, and militias in Iraq and Syria, such as Kata’ib Hizballah (KH), Kata’ib Sayyid al Shuhada (KSS), Asa’ib Ahl al-Haq (AAH), and Harakat al-Nujaba (HaN).
Hizballah is Iran’s primary partner, through which Tehran projects power throughout the Middle East. It’s Islamic Jihad Organization (IJO) plots terrorist attacks worldwide. The IJO, which is also known as the External Security Organization or “Unit 910,” is a component of Hizballah responsible for the planning and coordination of intelligence, counterintelligence, and terrorist activities on behalf of the terrorist group outside of Lebanon. Two of its operatives were arrested in 2017 for their operations targeting US assets.
…recruited as Hizballah operatives, Samer El Debek and Ali Kourani allegedly received military-style training, including in the use of weapons like rocket-propelled grenade launchers and machine guns for use in support of the group’s terrorist mission. At the direction of his Hizballah handlers, El Debek allegedly conducted missions in Panama to locate the U.S. and Israeli Embassies and to assess the vulnerabilities of the Panama Canal and ships in the Canal. Kourani allegedly conducted surveillance of potential targets in America, including military and law enforcement facilities in New York City.
The United States in December also charged an IJO operative with bombing a Jewish community center in Buenos Aires that killed 85 people. Samuel Salman El Reda relayed information to help Hizballah operatives who bombed the Asociación Mutual Israelita Argentina in July 1994, and he remains at large, according to prosecutors.
Iran has provided hundreds of millions of dollars in support to Hizballah and has trained thousands of its fighters at camps in Iran, according to FinCEN. Hizballah, in turn, has trained and equipped other Iran-aligned militias in the region and acts as a conduit for funds from Iran’s IRGC-QF to other Iran-aligned groups.
Hizballah is a political party in Lebanon, and although it has been sanctioned as a foreign terrorist group by the United States since 1997, some countries and the EU separate the group’s military and political wings—sanctioning the former but not the latter.
That, in my view, makes operating within the global financial system a bit easier for Hizballah. The group’s “shadow banking” activities have been targeted by the US Office of Foreign Assets Control (OFAC). Hizballah’s financial firm, Al-Qard al-Hassan (AQAH), which was designated by OFAC in 2007, is used by Hizballah as a cover to manage the terrorist group’s financial activities and gain access to the international financial system. AQAH officials designated in 2021 have all participated in evasive “shadow” banking activity, maintaining joint bank accounts in Lebanese banks that have allowed them to transfer more than $500 million within the formal financial system over the past decade, despite existing sanctions against AQAH.
The Congressional Research Service notes that Hizballah operates a global criminal-financial network, with reported hubs in Africa and Latin America. A 2022 Europol report highlighted a network of collaborators built by the terrorist group in the EU that manages and distributes illegal drugs, such as captagon, into the EU, trafficks firearms and humans, and runs professional money laundering operations.
FinCEN assesses that Hizballah uses networks of front companies and legitimate businesses, as well as cryptocurrencies, to raise, launder, and transfer funds.
Hizballah financiers make use of free trade zones and countries with weak regulatory frameworks to establish import-export companies that facilitate trade-based money laundering schemes. These companies are often held in the name of a relative of the financier, for example a spouse. Hizballah operatives have been known to operate in the Tri-border area of Argentina, Brazil, and Paraguay, and in free trade zones in Chile and Panama, with members and supporters identified in Colombia and Peru as well. Hizballah’s illicit activities also extend to Africa. In 2019, Treasury designated Nazem Said Ahmad, who had used his Africa-based diamond business to launder money on behalf of Hizballah, along with Saleh Assi, who used his Congo-based businesses to launder and raise funds for Hizballah.
Iran, instead of using proceeds from its illicit sales of commodities to countries such as China to help its people, instead blames US sanctions for its lousy, inefficient economy, its crumbling infrastructure, and the high rate of deaths from the COVID pandemic, sends that money to Hizballah and other terrorist proxies, as well as funding its designated terrorist Islamic Revolutionary Guard Corps-Quds Force (IRGC-QF).
Treasury has already been targeting Iran’s smuggling networks, sanctioning third-country operatives, front companies, and ships involved in Iran’s oil smuggling networks. Treasury also has been designating Iran’s unmanned aerial system (UAS) production, which has been enhancing Russia’s attacks on Ukraine, with proceeds funding IRGC-QF and other terrorist groups.
Iranian government agencies, such as the Central Bank of Iran (CBI) and IRGC-QF, as well as state-sponsored organizations such as Hizballah, play a key role in channeling funds to these terrorist proxies, according to FinCEN, using overseas front companies and financial institutions.
Financial institutions located outside Iran can—wittingly or unwittingly—become intermediaries for these illicit transactions. IRGC-QF officials have been known to collect funds in various currencies from CBI-held accounts at financial institutions in neighboring countries and transfer those funds back to Iran or to terrorist organizations.
The Organized Crime and Corruption Reporting Project (OCCRP) a few years ago highlighted that although large financial institutions may have been unwitting pawns in terrorist financial movements, they probably should have known better. This is likely why FinCEN has chosen to issue this comprehensive advisory. No excuses!
According FinCEN’s analysis of Bank Secrecy Act data, third-country front companies—often incorporated as “trading companies” or “general trading companies”—and exchange houses act as a global “shadow banking” network that processes illicit commercial transactions and channels money to terrorist organizations on Iran’s behalf. Exchange houses and front companies rely on banks with correspondent accounts—accounts established through bilateral agreements between two financial institutions for a bank to handle financial transactions for another another bank—to process dollar-denominated transactions. And yes, Iranian customers do engage in fraud, falsifying documents and obscuring links to Tehran, to gain access to these correspondent accounts and the US and global financial system.
Knowing that the United States tries to respect cultures and religions, Iran has also used front companies, such as cultural and religious organizations, to funnel funds to its terrorist proxies. OFAC in 2020 designated the Reconstruction Organization for the Holy Shrines in Iraq (ROHSI) for moving money on behalf of IRGC-QF.
The Reconstruction Organization of the Holy Shrines in Iraq (ROHSI) is an IRGC-QF-controlled organization based in Iran and Iraq whose leadership was appointed by the late IRGC-QF Commander Qassem Soleimani. Though ostensibly a religious institution, ROHSI has transferred millions of dollars to the Iraq-based Bahjat al Kawthar Company for Construction and Trading Ltd, also known as Kosar Company, another Iraq-based entity under the IRGC-QF’s control. Kosar Company has served as a base for Iranian intelligence activities in Iraq, including the shipment of weapons and ammunition to Iranian-backed terrorist militia groups.
Additionally, Kosar Company has received millions of dollars in transfers from the Central Bank of Iran, which was designated pursuant to E.O. 13224 in September 2019 for its financial support of the IRGC-QF and Lebanese Hizballah. Both the IRGC-QF and Hizballah have been designated by the U.S. Department of State as Foreign Terrorist Organizations under section 219 of the Immigration and Nationality Act.
In addition, IRGC-QF officials have used ROHSI’s funds to supplement IRGC-QF budgets, likely embezzling public donations intended for the construction and maintenance of Shiite shrines in Iraq.
HAMAS, before conducting its terrorist attacks on Israel in October, relied on extorting money from the population in Gaza. Now that Israel largely demolished the infrastructure that brought revenues to HAMAS, it relies more than ever on funds from Iran, but its so-called “charities” that funnel money to terrorist operations, virtual currencies, and investments abroad still bring in revenue. OFAC in 2022 sanctioned the secret HAMAS investment portfolio and its managers.
FinCEN’s advisory specifically identifies indicators related to the fundraising and money-laundering activities of Iran-linked terrorist organizations. As I always tell students, no single red flag unequivocally means that terrorist financing is going on, but financial institutions should examine context if an indicator appears, looking at a customer’s historical financial activity, noting changes, assessing whether the transactions are in line with prevailing business practices. The more red flags are present, the closer financial institutions should look.
Are there links to OFAC-designated individuals or entities?
Are there key terms in documentation known to be associated with terrorism or terrorist organizations?
Is the customer conducting transactions with money services businesses or virtual asset services providers located in jurisdictions that are high-risk for terrorist financing?
Are “general trading companies” or exchange houses involved in the transaction? Does their beneficial ownership indicate links to Tehran? Are front companies with opaque ownership structures involved?
Are there money transfers to a jurisdiction known for, or at high risk for, terrorist activity (The FATF grey and black lists are a good start) that are inconsistent with their stated occupation or business purpose with vague stated purposes such as “travel expenses,” “charity,” “aid,” or “gifts?”
I’d also recommend reading Treasury’s 2024 National Terrorist Financing Risk Assessment for the latest analysis in terrorist financing strategies, methodologies, and vulnerabilities.
Look, I know that compliance work is becoming more complicated and challenging, and enhanced due diligence is increasingly complex. New regulations, new general licenses, new designations, additional proposed rules, and alerts are flying at us on an almost daily basis, and convergences of AML/CFT/CFP, sanctions enforcement, and other counter illicit finance (CIF) efforts are more and more pronounced.
But financial institutions need to do the work. The tools are out there, including compliance resources, databases, regulator guidance, and even settlement agreements, which compliance officers can use to determine what they are doing, what shortcomings they might have in their own compliance programs, and how to fix them. A self-initiated lookback at your transactions can go far in mitigating any penalties for potential violations.
And finally, share information with other financial institutions and even Designated Non-Financial Businesses and Professions (DNFBPs). Compliance is not a competition. You’re not going to get extra points for outsmarting colleagues at another bank. Work together to protect the US and global financial systems from terrorist exploitation, and we’ll all be better off.
Good on them! Sadly, Iran is much like the hydra, chop off one head, another three pop up. Their extensive use of the interwebs doesn't help either, as they use proxies there too.